About Me

Hello, my name is Tom Cope and I currently work as a Cyber Security Engineer at a leading asset manager, previously working as the Chief Security Officer of NextDLP. I’m a ex-IBMer, originally joining the Apprenticeship program in 2012 I progressed to a Cloud Cyber Security Architect while studying part-time at Oxford University for a Master’s Degree in Software and Systems Security.

I am an experienced Security Architect and Systems Engineer with a passion for designing, building and maintaining secure systems, processes and teams. I have strong experience in both Cloud and containerized (Docker / Kubernetes) platforms while working in DevSecOps environments. I enjoy programming and electronics in my spare time - you can learn more in the “Projects” sections below. I have a keen interest in Security and Cryptography. I enjoy designing and building secure systems / software as well as performing security research on pre-existing systems / software. I am CISSP Certified as well as a Redhat Linux System Engineer. I use these skills extensively at work and for the support of this server which is used to host both myself, and a friend’s projects (Server Status).

In my spare time, I am a STEM Ambassador and an Associational (MBCS) Member of the British Computer Society. I play games such as TF2, and Minecraft. Avid runner and enjoy a good game of Badminton. Also enjoy Skiing when I get the chance. Feel free to drop me a line either on my Linkedin or GitHub or Youtube.

Blog posts

Some of my ramblings:

44Con 2024

I visited 44Con 2024 to stay up today on the latest Cyber Security News! I attended a 2-hour workshop on reverse engineering with Ghidra, soldered my con badge with only…

(Posted on 18 September 2024 · 1 min read)

BSides Basingstoke Presentation

I was invited to return again to BSides Basingstoke but this year as the keynote speaker! I presented the talk “Old Maid, new tricks - Backdooring Linux Full Disk Encryption…

(Posted on 19 July 2024 · 1 min read)

Microsoft Future of Cyber Summit

I attended the Microsoft Future of Cyber Summit : Security in the age of AI. Here I learned all about the new Microsoft “Copilot for Security” and its many integrations…

(Posted on 18 March 2024 · 1 min read)

Imperial College Hackathon

I attended the 2024 Imperial College London Hackathon where I promoted a career in Cyber Security with Students as well as assisting in two workshops, one on Web scraping and…

(Posted on 03 February 2024 · 1 min read)

BSides Basingstoke Mini Meet

I presented at BSides Basingstoke, Basingstoke’s premier (only) cyber security/hacker conference! This talk was on “A Phish too Far - Experiences in Targeted Phishing Incident Response” where I did a…

(Posted on 19 January 2024 · 1 min read)

BSides London

I visited BSides London to keep up today on the latest Cyber Security News! I attended a 2-hour workshop on Blue Team Detection engineering, which involved creating SIEM rules on…

(Posted on 09 December 2023 · 1 min read)

Southampton University Presentation

I presented at Southampton University a talk on “A Phish too far” in collaboration with the Uni’s Electronics & Computer Science Society. The talk was a deep dive into the…

(Posted on 12 October 2023 · 1 min read)

Spark Presentation

I presented at a local school about the benefits of a career in cybersecurity.

(Posted on 13 February 2023 · 1 min read)

Cambridge Presentation

I presented at Cambridge University a talk on “That’s expensively weird - a deep dive into cloud incident response”. The talk went into threat modeling, the importance of code review,…

(Posted on 07 January 2023 · 1 min read)

Data Protection Fireside Chat

A Christmas themed fireside chat video reviewing the Data protection space in 2022 and predictions for 2023.

(Posted on 15 December 2022 · 1 min read)

ISO 27001:2022 Blog Post

A blog post I made about my thoughts on Data Protection within the new ISO 27001 2022 standard.

(Posted on 02 December 2022 · 1 min read)

Places I’ve been quoted

Living document of places I’ve been quoted when asked to comment on Cyber-security News

(Posted on 01 December 2022 · 1 min read)

Cranford Careers Fair

I attended the Cranford Community College Careers fair alongside my Colleague Robbie representing Next DLP (with the recent re-branding we were using our old “Qush” banners) to provide students with…

(Posted on 21 November 2022 · 1 min read)

BSides Basingstoke Presentation

I was invited to BSides Basingstoke where I presented a talk guiding the audience through my own practical security research experience developing CVE-2020-5014. I walk through the process of information…

(Posted on 15 July 2022 · 1 min read)

Newcastle University Presentation

I presented my talk “From Zero to SSRF to RCE and back again” to the Newcastle University Competitive Computer Science Society, in the talk I explain “Ethical Hacking Journey -…

(Posted on 21 May 2022 · 1 min read)

IBM HMC Exploit CVE-2021-29707

During some security research I discovered a method in which the local user account restricted in the HMC shell could be uses to escalate privilege to root access. The post…

(Posted on 19 July 2021 · 9 mins read)

X Series RAID Card Stuck Boot

I was able to acquire a second hand IBM System x3650 M4 BD (5466). I wanted to replace the ServeRAID card with a “ServeRAID M1015 LSI 9220-8i 6GB SAS SATA…

(Posted on 28 January 2021 · 2 mins read)

IBM Datapower Exploit CVE-2020-5014

During some personal security research I discovered a SSRF vulnerability in IBM Datapower which could then be upgraded to RCE. The practical upshot of which is with an authenticated session…

(Posted on 21 October 2020 · 3 mins read)

Debugging Valorant

I had quite a few issues getting Riot Games new first person shooter Valorant running on my laptop. This is a brief post to cover some of the techniques I…

(Posted on 17 July 2020 · 6 mins read)

NahamCon CTF (2020)

I took place in NahamCon CTF. It was a two day event but I was only able to make it for the last 1/2 of the last day. I scored…

(Posted on 13 June 2020 · 6 mins read)

Docker setuid & setgid weirdness

During some work on a project I came across some strange behaviour on how docker handles setuid & setgid. In Linux the setuid and setgid C calls are used to…

(Posted on 20 February 2020 · 8 mins read)

Zip Encryption Known Plain Text Attack

In this post I would like to highlight a really old flaw with the encryption used by the zip file format. This is a known text attack based on the…

(Posted on 05 December 2019 · 4 mins read)

Quick and Dirty Reverse Engineering

A while ago I had to work with a particularly frustrating application that was required to connect to a hardware appliance. Both of which will remain unnamed in this post….

(Posted on 15 November 2019 · 5 mins read)

Oxford Foundry CTF (2019)

The Oxford Competitive Computer Society hosted a Capture the Flag event which was great fun, I ranked third on the scoreboard. Below are my favorite challenges with a video of…

(Posted on 09 June 2019 · 1 min read)

Projects

A selection of my favorite projects:

ssh_ws

Homegrown implementation of Google Beyond Corp security system (Zero Trust)

This is a demonstration of a proof of concept I built to tunnel ssh traffic over web-sockets using the same system Google uses (Zero Trust) to secure SSH access. It used JWT, mTLS and OAuth. I build both a client and server application to achieve this.

boTTom

Tom’s Bot or Bot Tom - A Reliable Secure Simple Easy to Deploy Cross Platform Botnet

I’ve always had an interest in botnets, from Mirai to Emotet, this side project is my own botnet creation used to test out new ideas and learn more about what it takes to build a botnet, how they can be taken down and how to best approach them.

bad_scp

A Proof of Concept of the Linux command ‘scp’ client side vulnerabilities (CVE-2019-6111 + CVE-2019-6110)

I reversed engineered and created a practical demo of the the CVE-2019-6111 + CVE-2019-6110 vulnerabilities

Reading-List

A collection of articles I’ve read and enjoyed

A collection of articles I’ve read and enjoyed

Photography

A collection of random photos

I would not describe myself as a photographer or the kind of chap to have an instagram, but I do enjoy taking photos, so I thought I’d put a few of my faves on here.

MSc in Software and Systems Security

Details of my Master Degree, chosen Modules and Dissertation

I attended Oxford University for a MSc in Software and Systems Security. This page details the 3 software and 7 security modules I attended along with a explanation of my dissertation.

New PC

Building my new PC!

Details about my new PC, its specs and some cool photos!

Beans

A simple REST API Based Game

A REST API Game where the objective is to have the most beans by the end of the day

bash_bunny - scvtrs

Simple Cross platform Volatile TCP Reverse Shell using a Bash Bunny

Using the Bash Bunny from Hak5 I build payload that can determin the Host OS using p0f and then deliver the required payload

This Website

How this website is built and maintained

Walkthrough of the technology used to build and deploy this website.

Pastejacking 2

A expansion on the original pastejacking attack using bash tricks

This is a demo of a new pastejacking attack using bash and command link tricks to fool the user into executing malicious code.

Arduino Minecraft Monitor

A helpful Arduino Library for polling Minecraft Servers

A custom made Arduino library to query a Minecraft server using the bespoke UDP query API.

Arduino Ping Pong Clock

Arduino powered “ping clock” style clock

Using a mini LCD display and a Arduino I made a ping pong style clock

Arduino Door Lock

Fingerprint and Android Style Pattern Lock

A Arduino door lock using a Fingerprint scanner and a 7 inch touch screen.

Snap Share

A in memory only, temporary file sharing service and API

I wanted to make a way to share files easily and a reason to learn memcached. This project is the combination of both.

Golang Screen Saver

A snake style terminal screen saver written in Golang

A really simple terminal screen saver written in Golang using the tput library.

OpenCV Recorder

A simple but customizable WebCAM recorder using openCV.

A companion application to the TSTP, that allows for openCV videos to be saved and then played back.

Arduino Iron Key

A Arduino based portable secure memory stick.

I recreated the functionality of a hardware encrypted memory stick (such as ‘IronKey’ or ‘Datashur’) using the Arduino micro-controller and a SD card shield.

TSTP

Toms Sentry Tracking Program

This is the 3rd incarnation on my Sentry Tracking program. Using opencv and C++, this project dynamically scans a webcam or video feed and tracks one or more targets

TVBG

Toms Very Basic Game

One of the largest program I’ve written. A simple space shooter written in C++ using OpenGL and a custom made game engine.

TVTS

Toms Vehicle Tracking System (Arduino GPS)

A Arduino based GPS and GRSM Tracking System using a custom built library for the Maplin GSMShield. The Arduino acquires a GPS lock, reads the value and sends the data encrypted via UDP to a collection server.

CCB

Conference Call Bingo

A fun game to play while on a Conference Call.

Datapower XML to JSON

Gateway script to convert XML to JSON

A Really simple gateway script to be used on a IBM Datapower to convert XML to JSON using built in Datapower functions.

Languages

I primarily write GO / Golang day to day and shell scripting. I have experience with the below languages:

Programming Languages

Markup Languages

Skills

Pentesting:

Tools / Software:

IBM Specific:

Operating Systems:

Clouds

Qualifications

Certifications

Awards

Contact

Click here to decode